-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Il 28/02/2012 12:56, Nico Kadel-Garcia ha scritto: > On Tue, Feb 28, 2012 at 6:44 AM, Horvath Andras <[email protected] > <mailto:[email protected]>> wrote: > Oh, yeah, OK. What' you're referring to has little to nothing to do with > encryption of the channel. It's *provenance* of the ISO image and > checksums, establishing that the binary material on the mirror server > is, in fact, that provided by our faithful software authors. > > In this case, you can get the checksums from the primary website at > http://ftp.scientificlinux.org/linux/scientific/, and get the iso files > anywhere you want. I still think it's a good idea to add this, though, > just as the RPM's themselves are GPG signed.
unless you access the primary website via https, files could always be tampered with while in transit: you can't trust unencrypted channels Gilberto - -- - -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPTMQlAAoJEFs07fyVhi0A/IEP/3spNCaAiNHXy/fjKmdjyU30 LgMdjc+pzp34QjcxXrUOhkvz18bMS0h2RCynchVfqCnpGGhJY8dg828+xRAzY8P1 MeC71z7pOkVyTJOt0GgDLxNQ1dmO6oGc4RtxIgbXYd7+lEf+KgOdQk6qEmW1/EIs OerZvUElfEhvZiYzeB4EeU2CIh3ESigBj4uZ5XsrBGyWjHJzz5GXhErAEwZtk1px 6dCcA1Visxgpwk75xTS18jgBNVe/OexQP0To1NXb9KvX3cXDlQpUqbxt61FKaTi+ 0zCu59xpk2m6ZMt/Z1a37UpjEZVUcnxKyrt1p88Or7gLzqXlcUt2gaCOFlfYHBfu qAPE9+KI2RgMC08vaiartJAjzvbvCbwKkWXMn+lMy/3HoJjbqH4v7CMhKT3DkIcD lj94Snfa7ipv+mwG+KjW+Z7nwbHyb+66kOnAviNiteRVAzdi5WFFL4opUUlpk1hU 8t2ecPrV9tFNawSKJQ/dJCFncYEyWUtjpHKBcYKOkTcoEw7fV4F2aHH2SvnitH2k 3rkcQd4fRDLjy9DfBXmP2I08EHD7Zcg83gP+iZn3k5MA0HhFh83tkjWSKnknNsBl GK2jGd1xp8KebnxYQ3yeuklQdccpQT5Qz6EEmmMciD/KvLMU9pPkvi6RWEsieVrw yk4yrbeqq1KiM8zU+lKo =mgdl -----END PGP SIGNATURE-----
